Toggle Dark Mode
While we’re all eagerly anticipating the exciting features coming in iOS 17, Apple hasn’t forgotten that most of the world is still using iOS 16. The company already has beta versions of iOS 16.6 making the rounds, but in the meantime, it’s just released a critical security patch for iOS 16.5.
This comes in the form of iOS 16.5.1, a “sub-point” release intended to fix bugs in iOS 16.5 and close the door on any potential security vulnerabilities.
This latest minor release lands a little over a month after iOS 16.5 came out and suggests that Apple found a few things that needed to be fixed that couldn’t wait for iOS 16.6, which is likely still at least a few weeks away.
No Subscriptions - Get Microsoft Office Lifetime Access for Just $49.97
Even Microsoft tries to nudge you toward paying monthly for their Suite 365. The good news is that you don't have to. iDrop News readers can get lifetime access to MS Office at 85% off the normal price...Get It Here
The new release resolves a bug we came across last month that prevented Apple’s Lighting to USB 3 Camera Adapter from working with accessories that require more power than the iPhone is able to provide through its own Lightning port. Something in iOS 16.5 seemed to prevent the iPhone from recognizing an external power source connected to the adapter. This has now been fixed in iOS 16.5.1.
However, what’s even more significant is that, as with most recent iOS updates, iOS 16.5.1 patches two more potentially serious security flaws.
Researchers at Kaspersky discovered a kernel vulnerability in iOS 16.5, and likely prior versions, that could allow an app to “execute arbitrary code with [system-level] kernel privileges.” Another issue reported to Apple by an anonymous researcher could “lead to arbitrary code execution” as a result of “processing maliciously crafted web content.”
Unfortunately, these aren’t merely theoretical exploits. Apple notes that both of these issues “may have been actively exploited,” which suggests they’re already in the hands of hackers and cybercriminals. The best-case scenario is that they’re being used exclusively by industrial-grade spyware such as Pegasus and Predator, which most of us will likely never become targets of, but Apple doesn’t get that specific.
In an unusual twist, Apple does note that the kernel vulnerability may have only been actively exploited against versions of iOS released before iOS 15.7, but that doesn’t change the fact that the flaw still exists in iOS 16.5, meaning it could be used to target more recent versions.
However, since that means these vulnerabilities also existed in iOS 15, Apple has released iOS 15.7.7 to provide security fixes for the original iPhone SE, iPhone 6s, and iPhone 7 lineups, which can’t be upgraded to iOS 16, along with iPadOS 15.7.7 for the iPad Air 2, iPad mini 4, and iPod touch.
There are also corresponding updates for the Apple Watch and Mac, covering current models with watchOS 9.5.2 and macOS Ventura 13.4.1, plus watchOS 8.8.1, macOS Monterey 12.6.7, and macOS Big Sur 11.7.8 for older Apple Watches and Macs that can’t run the latest operating systems.
The macOS Ventura 13.4 update addresses the same kernel and webkit flaws as iOS 16.5.1; however, both of the watchOS updates and the older macOS Monterey and Big Sur releases only address the kernel flaw, suggesting the WebKit vulnerability didn’t exist in those older versions.